CreateProcessW
Creates a new process and its primary thread. The new process runs in the security context of the calling process.
If the calling process is impersonating another user, the new process uses the token for the calling process, not the impersonation token. To run the new process in the security context of the user represented by the impersonation token, use the CreateProcessAsUser or CreateProcessWithLogonW function.
BOOL CreateProcessW(
  LPCWSTR lpApplicationName,
  LPWSTR lpCommandLine,
  LPSECURITY_ATTRIBUTES lpProcessAttributes,
  LPSECURITY_ATTRIBUTES lpThreadAttributes,
  BOOL bInheritHandles,
  DWORD dwCreationFlags,
  LPVOID lpEnvironment,
  LPCWSTR lpCurrentDirectory,
  LPSTARTUPINFOW lpStartupInfo,
  LPPROCESS_INFORMATION lpProcessInformation
);
lpApplicationName
The name of the module to be executed. This module can be a Windows-based application. It can be some other type of module (for example, MS-DOS or OS/2) if the appropriate subsystem is available on the local computer.
The string can specify the full path and file name of the module to execute or it can specify a partial name. In the case of a partial name, the function uses the current drive and current directory to complete the specification. The function will not use the search path. This parameter must include the file name extension; no default extension is assumed.
The lpApplicationName parameter can be NULL. In that case, the module name must be the first white space–delimited token in the lpCommandLine string. If you are using a long file name that contains a space, use quoted strings to indicate where the file name ends and the arguments begin; otherwise, the file name is ambiguous. For example, consider the string “c:\program files\sub dir\program name”. This string can be interpreted in a number of ways. The system tries to interpret the possibilities in the following order:
1. c:\program.exe
2. c:\program files\sub.exe
3. c:\program files\sub dir\program.exe
4. c:\program files\sub dir\program name.exe
If the executable module is a 16-bit application, lpApplicationName should be NULL, and the string pointed to by lpCommandLine should specify the executable module as well as its arguments.
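The interpretation order above, as an added example (not from the original page or from Microsoft): a portable C helper that lists every module name an unquoted path can be read as, so a caller can tell that a path must be quoted before it is placed in lpCommandLine. The names `module_candidates`, `make_candidate` and `CAND_LEN` are assumptions made for the example, and the `.exe` rule follows the list as the page gives it.

```c
#include <stdio.h>
#include <string.h>

#define CAND_LEN 300   /* MAX_PATH (260) plus room for ".exe" */

/* Copy the first n chars of path into dst, appending ".exe" when the last
   path component has no '.', as in the candidate list the page gives. */
static void make_candidate(char *dst, const char *path, size_t n)
{
    size_t start = 0;
    memcpy(dst, path, n);
    dst[n] = '\0';
    for (size_t i = 0; i < n; i++)
        if (dst[i] == '\\' || dst[i] == '/') start = i + 1;
    if (strchr(dst + start, '.') == NULL)
        strcat(dst, ".exe");
}

/* List, in order, every module name an unquoted `path` can be read as when
   it leads lpCommandLine and lpApplicationName is NULL. `path` is the
   intended module only (no arguments). A result above 1 means the path
   must be quoted. Returns -1 if the path is empty or too long. */
int module_candidates(const char *path, char out[][CAND_LEN], int max)
{
    size_t len = strlen(path);
    int n = 0;
    if (len == 0 || len > 260) return -1;
    for (size_t i = 1; i <= len && n < max; i++) {
        int boundary = (i == len) || path[i] == ' ' || path[i] == '\t';
        if (!boundary || path[i - 1] == ' ' || path[i - 1] == '\t')
            continue;             /* not a token end, or repeated space */
        make_candidate(out[n++], path, i);
    }
    return n;
}

int main(void)
{
    /* The example string from the page, unquoted. */
    char c[8][CAND_LEN];
    int n = module_candidates("c:\\program files\\sub dir\\program name", c, 8);
    for (int i = 0; i < n; i++)
        printf("%d. %s\n", i + 1, c[i]);
    return n > 1;   /* non-zero exit: quote this path before use */
}
```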
To run a batch file, you must start the command interpreter; set lpApplicationName to cmd.exe and set lpCommandLine to the following arguments: /c plus the name of the batch file.
lpCommandLine
The command line to be executed.
The maximum length of this string is 32,768 characters, including the Unicode terminating null character. If lpApplicationName is NULL, the module name portion of lpCommandLine is limited to MAX_PATH characters.
The Unicode version of this function, CreateProcessW, can modify the contents of this string. Therefore, this parameter cannot be a pointer to read-only memory (such as a const variable or a literal string). If this parameter is a constant string, the function may cause an access violation.
The lpCommandLine parameter can be NULL. In that case, the function uses the string pointed to by lpApplicationName as the command line.
If both lpApplicationName and lpCommandLine are non-NULL, the null-terminated string pointed to by lpApplicationName specifies the module to execute, and the null-terminated string pointed to by lpCommandLine specifies the command line. The new process can use GetCommandLine to retrieve the entire command line. Console processes written in C can use the argc and argv arguments to parse the command line. Because argv[0] is the module name, C programmers generally repeat the module name as the first token in the command line.
If lpApplicationName is NULL, the first white space–delimited token of the command line specifies the module name. If you are using a long file name that contains a space, use quoted strings to indicate where the file name ends and the arguments begin (see the explanation for the lpApplicationName parameter). If the file name does not contain an extension, .exe is appended. Therefore, if the file name extension is .com, this parameter must include the .com extension. If the file name ends in a period (.) with no extension, or if the file name contains a path, .exe is not appended. If the file name does not contain a directory path, the system searches for the executable file in the following sequence:
1. The directory from which the application loaded.
2. The current directory for the parent process.
3. The 32-bit Windows system directory. Use the GetSystemDirectory function to get the path of this directory.
4. The 16-bit Windows system directory. There is no function that obtains the path of this directory, but it is searched. The name of this directory is System.
5. The Windows directory. Use the GetWindowsDirectory function to get the path of this directory.
6. The directories that are listed in the PATH environment variable.
Note that this function does not search the per-application path specified by the App Paths registry key. To include this per-application path in the search sequence, use the ShellExecute function.
The system adds a terminating null character to the command-line string to separate the file name from the arguments. This divides the original string into two strings for internal processing.
lpProcessAttributes
A pointer to a SECURITY_ATTRIBUTES structure that determines whether the returned handle to the new process object can be inherited by child processes. If lpProcessAttributes is NULL, the handle cannot be inherited.
The lpSecurityDescriptor member of the structure specifies a security descriptor for the new process. If lpProcessAttributes is NULL or lpSecurityDescriptor is NULL, the process gets a default security descriptor. The ACLs in the default security descriptor for a process come from the primary token of the creator.
Windows XP: The ACLs in the default security descriptor for a process come from the primary or impersonation token of the creator. This behavior changed with Windows XP with SP2 and Windows Server 2003.
lpThreadAttributes
A pointer to a SECURITY_ATTRIBUTES structure that determines whether the returned handle to the new thread object can be inherited by child processes. If lpThreadAttributes is NULL, the handle cannot be inherited.
The lpSecurityDescriptor member of the structure specifies a security descriptor for the main thread. If lpThreadAttributes is NULL or lpSecurityDescriptor is NULL, the thread gets a default security descriptor. The ACLs in the default security descriptor for a thread come from the process token.
Windows XP: The ACLs in the default security descriptor for a thread come from the primary or impersonation token of the creator. This behavior changed with Windows XP with SP2 and Windows Server 2003.
bInheritHandles
If this parameter is TRUE, each inheritable handle in the calling process is inherited by the new process. If the parameter is FALSE, the handles are not inherited. Note that inherited handles have the same value and access rights as the original handles.
Terminal Services: You cannot inherit handles across sessions. Additionally, if this parameter is TRUE, you must create the process in the same session as the caller.
Protected Process Light (PPL) processes: The generic handle inheritance is blocked when a PPL process creates a non-PPL process, since PROCESS_DUP_HANDLE is not allowed from a non-PPL process to a PPL process. See Process Security and Access Rights.
dwCreationFlags
The flags that control the priority class and the creation of the process. For a list of values, see Process Creation Flags.
This parameter also controls the new process’s priority class, which is used to determine the scheduling priorities of the process’s threads. For a list of values, see GetPriorityClass. If none of the priority class flags is specified, the priority class defaults to NORMAL_PRIORITY_CLASS unless the priority class of the creating process is IDLE_PRIORITY_CLASS or BELOW_NORMAL_PRIORITY_CLASS. In this case, the child process receives the default priority class of the calling process.
lpEnvironment
A pointer to the environment block for the new process. If this parameter is NULL, the new process uses the environment of the calling process.
An environment block consists of a null-terminated block of null-terminated strings. Each string is in the following form:
name=value\0
Because the equal sign is used as a separator, it must not be used in the name of an environment variable.
An environment block can contain either Unicode or ANSI characters. If the environment block pointed to by lpEnvironment contains Unicode characters, be sure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT. If this parameter is NULL and the environment block of the parent process contains Unicode characters, you must also ensure that dwCreationFlags includes CREATE_UNICODE_ENVIRONMENT.
The ANSI version of this function, CreateProcessA, fails if the total size of the environment block for the process exceeds 32,767 characters.
Note that an ANSI environment block is terminated by two zero bytes: one for the last string, one more to terminate the block. A Unicode environment block is terminated by four zero bytes: two for the last string, two more to terminate the block.
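A check for the name=value form and the terminator rules above, as an added example (not from the original page or from Microsoft): portable C that validates a caller-built block before it is passed as lpEnvironment, catching a missing final terminator that would otherwise let the block run past its buffer. The function name `env_block_check`, its error codes and the sample blocks are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>

#define ANSI_ENV_MAX 32767u  /* CreateProcessA limit from the page, in characters */

/* Read one character: 1 byte (ANSI) or 2 bytes little-endian (Unicode). */
static unsigned unit_at(const uint8_t *b, size_t i, size_t w)
{
    return w == 1 ? b[i] : (unsigned)(b[2 * i] | (b[2 * i + 1] << 8));
}

/* Validate a caller-built environment block. `bytes` is the buffer size;
   `unicode` selects 2-byte characters. Returns the number of variables,
   or a negative error: -1 no terminator inside the buffer, -2 an entry
   is not in name=value form, -3 ANSI block over the size limit. */
int env_block_check(const uint8_t *blk, size_t bytes, int unicode)
{
    size_t w = unicode ? 2 : 1, n = bytes / w, i = 0;
    int vars = 0;

    while (i < n && unit_at(blk, i, w) != 0) {
        size_t start = i, eq = 0;
        int has_eq = 0;
        while (i < n && unit_at(blk, i, w) != 0) {
            if (!has_eq && unit_at(blk, i, w) == '=') { has_eq = 1; eq = i; }
            i++;
        }
        if (i == n) return -1;             /* string ran off the buffer */
        if (!has_eq || eq == start) return -2;
        vars++;
        i++;                               /* skip this string's terminator */
    }
    if (i == n) return -1;                 /* missing final block terminator */
    if (!unicode && i + 1 > ANSI_ENV_MAX) return -3;
    return vars;
}

int main(void)
{
    /* Constructed samples: "A=1", "B=2", then the block terminator. */
    static const uint8_t ok[] = "A=1\0B=2\0";
    static const uint8_t cut[] = { 'A', '=', '1', 0 };  /* no block terminator */
    return !(env_block_check(ok, sizeof ok, 0) == 2 &&
             env_block_check(cut, sizeof cut, 0) == -1);
}
```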
lpCurrentDirectory
The full path to the current directory for the process. The string can also specify a UNC path.
If this parameter is NULL, the new process will have the same current drive and directory as the calling process. (This feature is provided primarily for shells that need to start an application and specify its initial drive and working directory.)
lpStartupInfo
A pointer to a STARTUPINFO or STARTUPINFOEX structure.
To set extended attributes, use a STARTUPINFOEX structure and specify EXTENDED_STARTUPINFO_PRESENT in the dwCreationFlags parameter.
Handles in STARTUPINFO or STARTUPINFOEX must be closed with CloseHandle when they are no longer needed.
Important: The caller is responsible for ensuring that the standard handle fields in STARTUPINFO contain valid handle values. These fields are copied unchanged to the child process without validation, even when the dwFlags member specifies STARTF_USESTDHANDLES. Incorrect values can cause the child process to misbehave or crash. Use the Application Verifier runtime verification tool to detect invalid handles.
lpProcessInformation
A pointer to a PROCESS_INFORMATION structure that receives identification information about the new process.
Handles in PROCESS_INFORMATION must be closed with CloseHandle when they are no longer needed.